b5f49ac914523bbfb2978653cdf1e9b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5f49ac914523bbfb2978653cdf1e9b0_JaffaCakes118
Size

49KB
MD5

b5f49ac914523bbfb2978653cdf1e9b0
SHA1

8a8c5b407aacfbdb2eee3693a1ff48f17b161851
SHA256

6c1628a8a60c3081101e8189ef9564fcba6501467ef8a428ad20047ac653bd4d
SHA512

21f06c2a44a9cc76eed6f3bfa9b8fbfeef5a7d0789c1e344f13a6766e0e780c467ef4b591c819718f282dbd51d99604e8423f57446e17bd26ff3aba37b6a5be6
SSDEEP

1536:2VE8m1U/aOp80nwUeoA180zIoAb53D55F3:oNmS1ABom8VoAb55

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5f49ac914523bbfb2978653cdf1e9b0_JaffaCakes118

Files

b5f49ac914523bbfb2978653cdf1e9b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ee8ee74d13f427ff2a2e8fcc9f5153c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFiber
ExitProcess
IsDebuggerPresent
LocalFileTimeToFileTime
SetConsoleTextAttribute
SetSystemTime

advapi32

AllocateAndInitializeSid
CryptImportKey
IsValidSid
LookupAccountNameA
LookupPrivilegeValueA
NotifyChangeEventLog
QueryServiceStatus
RegLoadKeyA
RegReplaceKeyA
RegisterEventSourceW
SetSecurityDescriptorSacl
SetSecurityInfoExW

shell32

Control_FillCache_RunDLL
DllGetClassObject
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLW
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHQueryRecycleBinW
SheChangeDirExW
SheFullPathA
SheGetDirA
SheGetDirW
SheRemoveQuotesA
ShellAboutW

gdi32

CreateDIBitmap
CreatePalette
EnumFontFamiliesExW
FlattenPath
GetICMProfileA
PlayMetaFile
SetICMProfileW
SetViewportOrgEx
SetWinMetaFileBits
StartDocA
StretchDIBits
StrokeAndFillPath

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE